Environment data structure in Consul/Vault

Environment data structure in Consul/Vault
By default, Vault and Consul are supported for storing sensitive key-value pairs for our Docker configurations. To use Consul/Vault, set CONFIGURE_MODE to Vault. When you start a Docker container, startup scripts tries to fetch environment-related data from Vault.
For example, we can have a Tenant to represent your company (such as MyCompany), EnvironmentName (such as Non-production), and EnvironmentType (such as auth).

Key-value data structure in Consul/Vault

The key-value data on Consul/Vault is stored like a tree structure. We can fetch the key-value data through the following path:http://VaultIP:Port/v1/<Tenant>/EnvironmentName/EnvironmentType/TargetKey. The following table lists all default key-value paths on Consul/Vault. We can also add your key-value paths based on your business requirements and define the custom logic to fetch them.

KeyPath Mandatory/Optional Sample value Comments
Tenant/EnvName/domainName Optional default.svc.cluster.local If no value is specified, the following default value is applied: default.svc.cluster.local
Tenant/EnvName/oidcClientId Optional We need to specify a value to enable IBM ID.
Tenant/EnvName/oidcClientSecret Optional We need to specify a value to enable IBM ID.
Tenant/EnvName/blueIDServer Optional We need to specify a value to enable IBM ID.
Tenant/EnvName/blueIDProviderHost Optional We need to specify a value to enable IBM ID.
Tenant/EnvName/traceSpecification/ts-app Optional To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/search-app Optional To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/crs-app Optional To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/xc-app Optional To change the trace spec, specify a value.
Tenant/EnvName/certs/CertName Optional demo2/qa/certs/demo2qa-test={‘certificate’: ‘asdfadsfadsfads’, ‘destination_host’: ‘adsfadsf’, ‘issuing_ca’: ‘fadsfadsfads’, ‘keystorepass’: ‘adsfadsfads’, ‘private_key’: ‘adsfadsfasd’} We can add third-party certificate records.
Tenant/EnvName/certsBundle Optional demo2/qa/certsBundle={‘crsapp’: ‘demo2qa-testky’, ‘searchapp’: ‘demo2qa-test’, ‘storeapp’: ‘’, ‘tsapp’: ‘demo2qa-test’, ‘tsweb’: ‘’, ‘xcapp’: ‘’} We can create bundled certificates as a sample. When we deploy the environment, the container can detect the bundled certificates and apply them.
Tenant/EnvName/kafkaServers Optional Specify a value to enable ZooKeeper and Kafka.
Tenant/EnvName/zooKeeperServers Optional Specify a value to enable ZooKeeper and Kafka.
Tenant/EnvName/auth/dbHost Mandatory N/A
Tenant/EnvName/auth/dbName Mandatory N/A
Tenant/EnvName/auth/dbPassword Mandatory N/A
Tenant/EnvName/auth/dbPort Mandatory N/A
Tenant/EnvName/auth/dbUser Mandatory N/A

Tenant/EnvName/auth/dbType
Mandatory N/A

Tenant/EnvName/auth/dbaUser
Mandatory for Oracle This value is required for an Oracle database.

Tenant/EnvName/auth/dbaPassEncrypt
Mandatory for Oracle This value is required for an Oracle database.

Tenant/EnvName/auth/dbPassEncrypt
Mandatory for Oracle This value is required for an Oracle database.
Tenant/EnvName/auth/dbSSLEnable Optional true|false N/A
Tenant/EnvName/auth/dbXA Optional true|false N/A
Tenant/EnvName/auth/merchantKeyEncrypte Mandatory N/A
Tenant/EnvName/auth/spiUserName Mandatory N/A
Tenant/EnvName/auth/searchPort Optional Specify a value to reset searchPort, instead of using the default value.
Tenant/EnvName/auth/searchMasterHost Optional Specify a value to reset searchMasterHost, instead of using the default value.
Tenant/EnvName/auth/searchSlaveHost Optional Specify a value to reset searchSlaveHost, instead of using the default value.
Tenant/EnvName/auth/searchRepeaterHost Optional Specify a value to reset searchRepeaterHost, instead of using the default value.
Tenant/EnvName/auth/storeHost Optional Specify a value to reset storeHost, instead of using the default value.
Tenant/EnvName/auth/storePort Optional Specify a value to reset storePort, instead of using the default value.
Tenant/EnvName/auth/storeWebPort Optional Specify a value to reset storeWebPort, instead of using the default value.
Tenant/EnvName/auth/xcHost Optional Specify a value to reset xcHost, instead of using the default value.
Tenant/EnvName/auth/xcPort Optional Specify a value to reset xcPort, instead of using the default value.
Tenant/EnvName/auth/kafkaTopicPrefix Optional ${TENANT}${ENVIRONMENT}${ENVTYPE} Specify a value to config ZooKeeper and Kafka. If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE}
Tenant/EnvName/auth/healthCenterEnable Optional Specify value to enable healthCenter.
N/A
Tenant/EnvName/live/dbHost Mandatory N/A
Tenant/EnvName/live/dbName Mandatory N/A
Tenant/EnvName/live/dbPassword Mandatory N/A
Tenant/EnvName/live/dbPort Mandatory N/A
Tenant/EnvName/live/dbUser Mandatory N/A
Tenant/EnvName/live/dbType Mandatory N/A

Tenant/EnvName/live/dbaUser
Mandatory for Oracle This value is required for an Oracle database.

Tenant/EnvName/live/dbaPassEncrypt
Mandatory for Oracle This value is required for an Oracle database.

Tenant/EnvName/live/dbPassEncrypt
Mandatory for Oracle This value is required for an Oracle database.
Tenant/EnvName/live/dbSSLEnable Optional true|false N/A
Tenant/EnvName/live/dbXA Optional true|false N/A
Tenant/EnvName/live/merchantKeyEncrypte Mandatory N/A
Tenant/EnvName/live/spiUserName Mandatory N/A
Tenant/EnvName/live/spiUserPwd Mandatory N/A
Tenant/EnvName/live/searchPort Optional Specify a value to reset searchPort, instead of using the default value.
Tenant/EnvName/live/searchMasterHost Optional Specify a value to reset searchMasterHost, instead of using the default value.
Tenant/EnvName/live/searchSlaveHost Optional Specify a value to reset searchSlaveHost, instead of using the default value.
Tenant/EnvName/live/searchRepeaterHost Optional Specify a value to reset searchRepeaterHost, instead of using the default value.
Tenant/EnvName/live/storeHost Optional Specify a value to reset storeHost, instead of using the default value.
Tenant/EnvName/live/storePort Optional Specify a value to reset storePort, instead of using the default value.
Tenant/EnvName/live/storeWebPort Optional Specify a value to reset storeWebPort, instead of using the default value.
Tenant/EnvName/live/xcHost Optional Specify a value to reset xcHost, instead of using the default value.
Tenant/EnvName/live/xcPort Optional Specify a value to reset xcPort, instead of using the default value.
Tenant/EnvName/live/kafkaTopicPrefix Optional ${TENANT}${ENVIRONMENT}${ENVTYPE} If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE}
Tenant/EnvName/live/healthCenterEnable Optional Specify a value to enable healthCenter.

Storing key-value pairs in Vault
To set up Vault, see the Vault website. When you have a Vault ready for use, we can complete the following steps to store and retrieve key-value pairs.
Create a mount point based on the {Tenant}.For example,
init_json='json_data={"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}'
header="X-Vault-Token:<VAULT_TOKEN>"
curl -X POST -H $header -H "Content-Type:application/json" -d '{"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}' http://<Vault-IP-Address:VaultPort/v1/sys/mounts/Tenant
Store key-value pair data using the following command.
curl -X POST -H "X-Vault-Token:<vault_token>" -d '{"value":"<theValue>"}' http://<Vault-IP-Address:VaultPort/v1/Tenant/EnvironmentName/EnviromentType/TargetKey
For example, to store the value "mall" for a key name "dbName" under path MyCompany/Non-production/auth/dbName:
curl -X POST -H "X-Vault-Token:7f47efbb-b162-619b-0ced-448079d91b77" -d '{"value":"mall"}' http://myhostname.com:8200/v1/MyCompany/Non-production/auth/dbName
Retrieve data using the following command.
curl -X GET -H "X-Vault-Token:<VAULT_TOKEN>" http://<Vault-IP-Address:VaultPort/v1/Tenant/EnvironmentName/EnviromentType/TargetKey | jq -r .data.value
Related tasks
Accessing Docker image Help

Related reference
Manage certificates manually
Manage certificates with Vault

Related information:

Implement a continuous deployment pipeline for WebSphere Commerce Version 9

KeyPath	Mandatory/Optional	Sample value	Comments
Tenant/EnvName/domainName	Optional	default.svc.cluster.local	If no value is specified, the following default value is applied: default.svc.cluster.local
Tenant/EnvName/oidcClientId	Optional		We need to specify a value to enable IBM ID.
Tenant/EnvName/oidcClientSecret	Optional		We need to specify a value to enable IBM ID.
Tenant/EnvName/blueIDServer	Optional		We need to specify a value to enable IBM ID.
Tenant/EnvName/blueIDProviderHost	Optional		We need to specify a value to enable IBM ID.
Tenant/EnvName/traceSpecification/ts-app	Optional		To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/search-app	Optional		To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/crs-app	Optional		To change the trace spec, specify a value.
Tenant/EnvName/traceSpecification/xc-app	Optional		To change the trace spec, specify a value.
Tenant/EnvName/certs/CertName	Optional	demo2/qa/certs/demo2qa-test={‘certificate’: ‘asdfadsfadsfads’, ‘destination_host’: ‘adsfadsf’, ‘issuing_ca’: ‘fadsfadsfads’, ‘keystorepass’: ‘adsfadsfads’, ‘private_key’: ‘adsfadsfasd’}	We can add third-party certificate records.
Tenant/EnvName/certsBundle	Optional	demo2/qa/certsBundle={‘crsapp’: ‘demo2qa-testky’, ‘searchapp’: ‘demo2qa-test’, ‘storeapp’: ‘’, ‘tsapp’: ‘demo2qa-test’, ‘tsweb’: ‘’, ‘xcapp’: ‘’}	We can create bundled certificates as a sample. When we deploy the environment, the container can detect the bundled certificates and apply them.
Tenant/EnvName/kafkaServers	Optional		Specify a value to enable ZooKeeper and Kafka.
Tenant/EnvName/zooKeeperServers	Optional		Specify a value to enable ZooKeeper and Kafka.
Tenant/EnvName/auth/dbHost	Mandatory		N/A
Tenant/EnvName/auth/dbName	Mandatory		N/A
Tenant/EnvName/auth/dbPassword	Mandatory		N/A
Tenant/EnvName/auth/dbPort	Mandatory		N/A
Tenant/EnvName/auth/dbUser	Mandatory		N/A
Tenant/EnvName/auth/dbType	Mandatory		N/A
Tenant/EnvName/auth/dbaUser	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/auth/dbaPassEncrypt	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/auth/dbPassEncrypt	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/auth/dbSSLEnable	Optional	true\|false	N/A
Tenant/EnvName/auth/dbXA	Optional	true\|false	N/A
Tenant/EnvName/auth/merchantKeyEncrypte	Mandatory		N/A
Tenant/EnvName/auth/spiUserName	Mandatory		N/A
Tenant/EnvName/auth/searchPort	Optional		Specify a value to reset searchPort, instead of using the default value.
Tenant/EnvName/auth/searchMasterHost	Optional		Specify a value to reset searchMasterHost, instead of using the default value.
Tenant/EnvName/auth/searchSlaveHost	Optional		Specify a value to reset searchSlaveHost, instead of using the default value.
Tenant/EnvName/auth/searchRepeaterHost	Optional		Specify a value to reset searchRepeaterHost, instead of using the default value.
Tenant/EnvName/auth/storeHost	Optional		Specify a value to reset storeHost, instead of using the default value.
Tenant/EnvName/auth/storePort	Optional		Specify a value to reset storePort, instead of using the default value.
Tenant/EnvName/auth/storeWebPort	Optional		Specify a value to reset storeWebPort, instead of using the default value.
Tenant/EnvName/auth/xcHost	Optional		Specify a value to reset xcHost, instead of using the default value.
Tenant/EnvName/auth/xcPort	Optional		Specify a value to reset xcPort, instead of using the default value.
Tenant/EnvName/auth/kafkaTopicPrefix	Optional	${TENANT}${ENVIRONMENT}${ENVTYPE}	Specify a value to config ZooKeeper and Kafka. If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE}
Tenant/EnvName/auth/healthCenterEnable	Optional		Specify value to enable healthCenter.
			N/A
Tenant/EnvName/live/dbHost	Mandatory		N/A
Tenant/EnvName/live/dbName	Mandatory		N/A
Tenant/EnvName/live/dbPassword	Mandatory		N/A
Tenant/EnvName/live/dbPort	Mandatory		N/A
Tenant/EnvName/live/dbUser	Mandatory		N/A
Tenant/EnvName/live/dbType	Mandatory		N/A
Tenant/EnvName/live/dbaUser	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/live/dbaPassEncrypt	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/live/dbPassEncrypt	Mandatory for Oracle		This value is required for an Oracle database.
Tenant/EnvName/live/dbSSLEnable	Optional	true\|false	N/A
Tenant/EnvName/live/dbXA	Optional	true\|false	N/A
Tenant/EnvName/live/merchantKeyEncrypte	Mandatory		N/A
Tenant/EnvName/live/spiUserName	Mandatory		N/A
Tenant/EnvName/live/spiUserPwd	Mandatory		N/A
Tenant/EnvName/live/searchPort	Optional		Specify a value to reset searchPort, instead of using the default value.
Tenant/EnvName/live/searchMasterHost	Optional		Specify a value to reset searchMasterHost, instead of using the default value.
Tenant/EnvName/live/searchSlaveHost	Optional		Specify a value to reset searchSlaveHost, instead of using the default value.
Tenant/EnvName/live/searchRepeaterHost	Optional		Specify a value to reset searchRepeaterHost, instead of using the default value.
Tenant/EnvName/live/storeHost	Optional		Specify a value to reset storeHost, instead of using the default value.
Tenant/EnvName/live/storePort	Optional		Specify a value to reset storePort, instead of using the default value.
Tenant/EnvName/live/storeWebPort	Optional		Specify a value to reset storeWebPort, instead of using the default value.
Tenant/EnvName/live/xcHost	Optional		Specify a value to reset xcHost, instead of using the default value.
Tenant/EnvName/live/xcPort	Optional		Specify a value to reset xcPort, instead of using the default value.
Tenant/EnvName/live/kafkaTopicPrefix	Optional	${TENANT}${ENVIRONMENT}${ENVTYPE}	If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE}
Tenant/EnvName/live/healthCenterEnable	Optional		Specify a value to enable healthCenter.